how-comply-gdpr

GDPR refers to the European Union’s General Data Protection Regulation. GDPR means that organizations that handle EU citizens’ data face massive fines (up to 4% of their global annual turnover) if they are non-compliant.

It’s important to note that a company or service provider with no physical EU footprint still has to comply with the EU data protection legislation…if it processes EU citizens’ data.

There are inherent risks associated with portable storage, so it is valuable to note how to implement GDPR from a practical standpoint.  The new standards all but ensure that lost portable storage devices and other such security breaches will be reported to regulators going forward.  This serves to protect consumers and clients, who have a right to know when they have been compromised or hacked. Reporting looks somewhat different for data that is unlikely to result in a risk for the rights and freedoms of an individual (an unencrypted USB flash drive containing patient information, for example).

GDPR tells us that organizations should protect data at a level that is attainable using current technology, and at a reasonable cost (financial and time).

So, as a global expert within encryption and portable data storage, what does DataLocker recommend to achieve compliance?

  • Have a solution that protects all stored data with automatic encryption and strong passwords.
  • Take care that only authorized staff have the rights to transport data.
  • Keep track of which data is transferred onto encrypted portable media.
  • Have a solution that only allows access to data in approved territories, as transborder data (that which is subject to foreign jurisdiction) is subject to additional restrictions.
  • Have the ability to permanently erase and all copies of a data subject’s stored information.
  • Centrally managed hardware encrypted portable storage that provides audit trail capabilities is the recommended solution.

The costs of NOT implementing a solid portable storage solution are too great to ignore.  The risk of noncompliance is not one worth taking!

*image credit: Termsfeed.com, appearing in an article by Leah Hamilton